> On Jan 14, 2016, at 2:12 AM, Nick Coghlan <ncogh...@gmail.com> wrote:
>
> In terms of non-scientific packages, the main group I'd suggest
> getting in touch with is pycryptography, as we'll probably want to
> baseline a more recent version of OpenSSL than the one in CentOS 5.11.
>
1. It's "cryptography" (or "PyCA's Cryptography", or "cryptography.io"), not
"pycryptography". This is an important distinction because "PyCrypto" is the
crappy, old thing you should not use, and "cryptography" is the new hotness.
2. On every other platform where they distribute wheels, the Cryptography
developers have statically linked both OpenSSL and libffi; I was tangentially
involved in the effort to do this on OS X, and in the process of debugging
that, I learned that the Linux toolchain is fairly similar. I would imagine
that they'd want to statically link OpenSSL the same way, for the same reasons,
on Linux. Cryptography does regular releases to bundle in newer OpenSSLs,
generally more often than the underlying platforms do. (Since Cryptography
does not directly export OpenSSL's API as such, it's easier to do multi-verison
compatibility with Python than with C.)
In fact I am going to go out on a limb and say that I think Cryptography could
be ready to go with this in a few weeks if PyPI just started allowing Linux
wheels. We've discussed using ancient-CentOS containers for building static
binaries the same way PyPy does. The potentially tricky part is just building
the static new versions of OpenSSL from scratch on old systems, I think...
-glyph
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
